PHP MD5 output does not match C# MD5 output

Question

in C# I'm trying to get a hashed md5 value of a password like so:

 string sb = textBox2.Text;
            byte[] asciiBytes = ASCIIEncoding.ASCII.GetBytes(sb);
            byte[] hashedBytes = MD5CryptoServiceProvider.Create().ComputeHash(asciiBytes);
            string hashedString = BitConverter.ToString(hashedBytes).Replace("-", "").ToLower();
 var plainTextBytes = System.Text.Encoding.UTF8.GetBytes(sb);
            sb = System.Convert.ToBase64String(plainTextBytes);

in php I get that value by using md5 command,

echo md5("megusia94");

the input in both cases are the same, yet the output in PHP is: d1e44ad921daadaf8defadcd21c8644a while in C# the output is: bWVndXMpYTk0

What am I doing wrong? I've searched this forum and tried: MD5 hashing does not match in C# and PHP c# md5 and php md5 not match

**You shouldn't use [MD5 password hashes](http://security.stackexchange.com/questions/19906/is-md5-considered-insecure)**. Please use **PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)** (`password_hash()` and `password_verify()`) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). **It is not necessary** to [escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. — GrumpyCrouton, Sep 21 '17 at 19:19
This seems to be a duplicate of https://stackoverflow.com/q/5821677/1415724 — Funk Forty Niner, Sep 21 '17 at 19:28
the possible duplicate I posted above, is the very same used in the answer and from the accepted answer in the other question — Funk Forty Niner, Sep 21 '17 at 21:05

score 2 · Accepted Answer · answered Sep 21 '17 at 19:29

2

You are not comparing the same two things. What you are comparing is the base64-representation of the ASCII-encoded input string with the actual MD5 hash (in HEX representation) from PHP.

Instead look at this:

byte[] asciiBytes = ASCIIEncoding.ASCII.GetBytes("megusia94");
byte[] hashedBytes = MD5CryptoServiceProvider.Create().ComputeHash(asciiBytes);
string hashedString = BitConverter.ToString(hashedBytes).Replace("-", "").ToLower();
Console.WriteLine(hashedString);

It correctly produces the hash d1e44ad921daadaf8defadcd21c8644a, which is the same as the one you get from PHP.

answered Sep 21 '17 at 19:29

Jens

6,030
2
20
47

Thank you this worked. I'm a bit rusty on my C# skills trying to refresh it. It was years since my last application written with this language. – pokrak94 Sep 21 '17 at 19:33
@pokrak94 No problem. Please also note the advice from GrumpyCrouton and don't use this hashing scheme in any security related setting ;-) It's just so very flawed. – Jens Sep 21 '17 at 19:35
This is for a home application that I already have a php version of, now trying same in C#. Not gonna publish it or anything - just for the sake of practice. Thanks! – pokrak94 Sep 21 '17 at 19:44

score -1 · Answer 2 · answered Sep 21 '17 at 19:33

-1

PHP md5:

Returns the hash as a 32-character hexadecimal number.

Your C# code:

Returns the hash with base64 encoding.

answered Sep 21 '17 at 19:33

Balázs Sándor

41
5

PHP MD5 output does not match C# MD5 output

2 Answers2